VYPR
Unrated severityNVD Advisory· Published Apr 6, 2008· Updated Jun 16, 2026

CVE-2008-1685

CVE-2008-1685

Description

gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might lead to removal of length testing code that was intended as a protection mechanism against integer overflow and buffer overflow attacks, and provide no diagnostic message about this removal. NOTE: the vendor has determined that this compiler behavior is correct according to section 6.5.6 of the C99 standard (aka ISO/IEC 9899:1999)

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

8
  • GNU/Gcc7 versions
    cpe:2.3:a:gnu:gcc:4.2.0:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:a:gnu:gcc:4.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:gcc:4.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:gcc:4.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:gcc:4.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:gcc:4.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:gcc:4.3.0:*:*:*:*:*:*:*
    • (no CPE)range: 4.2.0 - 4.3.0
  • Range: 4.2.0 - 4.3.0

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.